Author
Topic: CGI bin (Read 1867 times)

I have a Linksys router running DDWRT. I have written CGI script to control GPIO pins on it. I can access this with my smartphone and control the pins the way I want from a webpage the router is serving. My problem is that every time I try to access it, I am asked for username/password. The smartphone will not save this info so I have to punch it in every time. It is not attached to the web and is not something I need secured. Does anyone know how I do this so it doesn't ask for the password? I tried chmod 777 on everything and it didn't help. The username / password it has to have is the root one.

I am not sure who the owner of the page is or who it runs as. I will look into that. I am guessing I need to create another page and run the command 'whoami' in the webpage to find out who it is run as. I will guess it runs as user "root".

I use an iPhone and I saved the shortcut to my main screen. When I click it it pops up in safari. Safari wont save them at all for me. I have changed settings for it and nothing works. I just switched my default browser to chrome and I will see if it retains the passwords for me. Thanks.

The Firefox Addon I mentioned will even save passwords for https web pages that pass the autocomplete=off flag to the browser .. autocomplete=off is supposed to tell the browser NOT to remember form data such as passwords.

I tried chrome and for some sites it allows me to save the password, but this one doesn't give me the option to save. Is there a html code I am leaving out of the site that allows the browser to save it? I am not seeing a Firefox for the iPhone. That's a shame if they don't have one, because that is my browser of choice on all of my PC's.

There is no form in the webpage that asks for a login. Therefore there is nothing that can be autocompleted from what I can tell.

I even ran a java script on the page and it said there were 0 items to autocomplete.

I am guessing it is a permissions thing. All of the files in this directory including the directory itself have been set to chmod 777. It still requires the root username and password. I don't see any kind of htaccess type of security either. It is in a CGI-bin directory. Is it possible the CGI-bin directory name has some sort of higher security override that cancels my chmod 777? ls -l returns a rwx on everything.

Not knowing much about this, but I would be guessing that you need the username/password to access the router in the first place, not just the specific page?Have you tried to disable the requirement for this (if at all possible, or even advisable)?Go to Administration -> Management -> Remote Access.

Something I did find out though. If I connect to the router and go to the web address of 192.168.1.254 it will go straight to 192.168.1.254/index.asp with no username or password needed. If I try to go to anything else being served it asks for username and password.

/www/there is a link in there "user" that points to /jffs/wwwI have files in here and I can go to any of these files and not provide the username and pass.However anything in /jffs/www/cgi-bin/ I am asked for uname/pass. cgi-bin is listed as drwxrwxrwx root rootEvery file inside cgi-bin directory is listed as rwxrwxrwx root root.

Anyone have any ideas. Like I said this is not hooked to internet or any computer. So canning the security is what I want.